The IBC Bank, which is the 79th largest in the United States, focuses on Texas and Oklahoma, and uses BluVector security to find malware and compromised data in emails and other files.
Artificial intelligence (AI) is at the core of BluVector.
"Bits and pieces of AI lend themselves well to making certain determinations," Senior Vice President and CISO John Byers told IT Business Edge. "As they collect and learn things, it saves you [an employee] and other things. It hasn’t reached the point at which it's mature enough to rate replacing several employees. But it does a good job as entry level."
The server-based platform works in both the north/south direction (data in the form of texts, emails and other formats entering and exiting the organization) and the east/west direction (data moving within the organization). Having "eyes" in both directions makes it more likely that malicious content will be found and that the source of the malware will be identified.
The source of the malicious code and other important insights are found by forensic investigation. In other words, the journey of the file or packet can be replayed and assessed in detail. In addition, malicious code can be allowed to work its way through the system (under close watch, of course). Its actions can be matched against other malware and help identify the source of the attack.
AI is an umbrella term that covers a number of sophisticated technologies, including machine learning, natural language processing, computer vision and others. The mix of these AI functionalities differs from one implementation to the next. In the case of IBC, the emphasis is on machine learning.
As the name implies, machine learning is the ability of an AI system to change its behavior based on data that it receives over time. Byers used .pdf files as an example. Adobe .pdf files, the most commonly used, have unique characteristics. There are other types of .pdfs, however. Non-Adobe versions are likely to differ enough to trigger the AI system to flag them as potentially being corrupt or carrying malware. In essence, the system would say, "This seems to be a .pdf, but something doesn't seem quite right. What do you want me to do?"
The human operator would take a look and say that the .pdf is fine. The machine learning element has the intelligence to understand, after having that exchange several times, that the non-Adobe .pdf is legitimate and doesn't have to be flagged. Thus, the system has learned and adjusted its behavior.
In response to questions from IT Business Edge, BluVector Chief Technology and Strategy Officer Travis Rosiek said that BluVector achieved a detection efficacy rate of 99.1% against Miercom’s industry standard samples in a report based on a test administered by that firm.
The platform had a 100 percent detection rate against advanced threats such as polymorphic and anonymously shared files.
"In practice, those rates have led customers to achieve a 5:1 analyst efficiency gain," Rosiek wrote. "This is achieved by BluVector’s AI-driven platform, which allows analysts to focus on the detection of and response to real threats, instead wasting time on false positives. For teams of all sizes and degrees of sophistication, this results in a meaningful ROI while decreasing the overall risk profile of the organization."
Technology is only one element of corporate security, albeit a big one. User vigilance is the other. Byers said that a danger is that people become complacent and let their guard down as AI takes command. "The thought process about using AI leads some people to plug it in and forget about it," he said. "People can become so reliant on it that they do not really do analysis on what they discover. Once they accept it, they do not even pay attention. It is a false sense of security that it can at times create. That's the challenge, relying on it more so than you should."
Carl Weinschenk covers telecom for IT Business Edge.